Implements permission masks

apps/member/backends.py

@@ -3,10 +3,10 @@
 
 from django.contrib.auth.models import User
 from django.contrib.contenttypes.models import ContentType
-from django.core.exceptions import PermissionDenied
 from django.db.models import Q, F
 
 from note.models import Note, NoteUser, NoteClub, NoteSpecial
+from note_kfet.middlewares import get_current_session
 from .models import Membership, RolePermissions, Club
 from django.contrib.auth.backends import ModelBackend
 
@@ -37,7 +37,8 @@ class PermissionBackend(ModelBackend):
                         F=F,
                         Q=Q
                     )
-                    yield permission
+                    if permission.mask.rank <= get_current_session().get("permission_mask", 0):
+                        yield permission
 
     @staticmethod
     def filter_queryset(user, model, t, field=None):
@@ -50,7 +51,7 @@ class PermissionBackend(ModelBackend):
         :return: A query that corresponds to the filter to give to a queryset
         """
 
-        if user.is_superuser:
+        if user.is_superuser and get_current_session().get("permission_mask", 0) >= 42:
             # Superusers have all rights
             return Q()
 
@@ -68,7 +69,7 @@ class PermissionBackend(ModelBackend):
         return query
 
     def has_perm(self, user_obj, perm, obj=None):
-        if user_obj.is_superuser:
+        if user_obj.is_superuser and get_current_session().get("permission_mask", 0) >= 42:
             return True
 
         if obj is None:

apps/member/forms.py

@@ -6,12 +6,21 @@ from crispy_forms.helper import FormHelper
 from crispy_forms.layout import Layout
 from dal import autocomplete
 from django import forms
-from django.contrib.auth.forms import UserCreationForm
+from django.contrib.auth.forms import UserCreationForm, AuthenticationForm
 from django.contrib.auth.models import User
 
+from permission.models import PermissionMask
 from .models import Profile, Club, Membership
 
 
+class CustomAuthenticationForm(AuthenticationForm):
+    permission_mask = forms.ModelChoiceField(
+        label="Masque de permissions",
+        queryset=PermissionMask.objects.order_by("rank"),
+        empty_label=None,
+    )
+
+
 class SignUpForm(UserCreationForm):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)

apps/member/views.py

@@ -9,6 +9,7 @@ from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
+from django.contrib.auth.views import LoginView
 from django.core.exceptions import ValidationError
 from django.db.models import Q
 from django.http import HttpResponseRedirect
@@ -26,11 +27,20 @@ from note.tables import HistoryTable, AliasTable
 from .backends import PermissionBackend
 
 from .filters import UserFilter, UserFilterFormHelper
-from .forms import SignUpForm, ProfileForm, ClubForm, MembershipForm, MemberFormSet, FormSetHelper
+from .forms import SignUpForm, ProfileForm, ClubForm, MembershipForm, MemberFormSet, FormSetHelper, \
+    CustomAuthenticationForm
 from .models import Club, Membership
 from .tables import ClubTable, UserTable
 
 
+class CustomLoginView(LoginView):
+    form_class = CustomAuthenticationForm
+
+    def form_valid(self, form):
+        self.request.session['permission_mask'] = form.cleaned_data['permission_mask'].rank
+        return super().form_valid(form)
+
+
 class UserCreateView(CreateView):
     """
     Une vue pour inscrire un utilisateur et lui créer un profile